IAM Role: AWS/KMS/Operator
| Permission | Grant |
|---|
| kms:Decrypt | Operator |
| kms:Encrypt | Operator |
| kms:GenerateDataKey | Operator |
| kms:GenerateDataKeyPair | Operator |
| kms:GenerateDataKeyPairWithoutPlaintext | Operator |
| kms:GenerateDataKeyWithoutPlaintext | Operator |
| kms:GenerateRandom | Operator |
| kms:ReEncrypt | Operator |
| kms:ReEncryptFrom | Operator |
| kms:ReEncryptTo | Operator |
| kms:ReplicateKey | Operator |
| kms:Sign | Operator |
| kms:SynchronizeMultiRegionKey | Operator |
| kms:TagResource | Operator |
| kms:UntagResource | Operator |
| kms:Verify | Operator |
| kms:DescribeCustomKeyStores | Metadata |
| kms:DescribeKey | Metadata |
| kms:GetKeyPolicy | Metadata |
| kms:GetKeyRotationStatus | Metadata |
| kms:GetParametersForImport | Metadata |
| kms:GetPublicKey | Metadata |
| kms:ListAliases | Metadata |
| kms:ListGrants | Metadata |
| kms:ListKeyPolicies | Metadata |
| kms:ListKeys | Metadata |
| kms:ListResourceTags | Metadata |
| kms:ListRetirableGrants | Metadata |
